Skip to content

add tcp close attribution #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
zhiyuan-liao wants to merge 2 commits into
base: master
Choose a base branch
from
Open

add tcp close attribution #28

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8c9b23a
add tcp close
Apr 28, 2022
80b6a3f
add README.md
Apr 28, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -158,6 +158,7 @@ Data can be transferred between hosts using two methods. The example below outli

my_connection > (content:"GET / HTTP/1.1\x0d\x0aHost:google.com\x0d\x0aUser-Agent: DogBot\x0d\x0a\x0d\x0a";);
my_connection < (content:"HTTP/1.1 200 OK\x0d\x0aContent-Length: 300\x0d\x0a\x0d\x0aWelcome to Google.com!";);
my_connection > ( close; );

In this example, the flow *my_connection* must have been previously declared. A single packet with the content specified will be transmitted from the client to the server. The following method is also accepted, however, this may change in the future as the syntax is formalized.:

Expand All @@ -181,7 +182,7 @@ The following event attributes are currently supported:
+ tcp.flags.syn
+ tcp.flags.ack
+ tcp.flags.rst

+ close
##### Content Attribute #####
The *content* attribute is used to specify the payload of a packet. Content attributes must be enclosed in double quotes. UTF-8 is supported and arbitrary bytes can be expressed with the "\xHH" notation where "HH" is the hexidecimal representation of the byte. For example, a carriage return (ASCII 0x0D) followed by a line feed (ASCII 0x0A) can be defined like this: *\x0D\x0A*. This translation takes place during the render phase.

Expand Down Expand Up @@ -214,6 +215,9 @@ The *tcp.flags.ack* attribute tells Flowsynth to force the packet to be an ACK p
##### tcp.flags.rst Attribute #####
The *tcp.flags.rst* attribute tells Flowsynth to force the packet to be a RST packet.

#### close Attribute ####
The close attribute tells Flowsynth to close a tcp connection with Four-Way Wavehand

## Authors ###

+ Will Urbanski (will dot urbanski at gmail dot com)
Expand Down
43 changes: 40 additions & 3 deletions src/flowsynth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -562,13 +562,50 @@ def format_port(port):
return port
except ValueError:
raise SynSyntaxError("Invalid Syntax. %s is not a valid port" % port)
def render_fni(self,eventid):
event = self.timeline[eventid]
pkts = []
payload = bytearray()
if self.l4_proto == Flow.PROTO_TCP:
src_port = int(self.src_port)
dst_port = int(self.dst_port)
#FNI ACK to server
lyr_eth = Ether(src = self.src_mac, dst = self.dst_mac)
lyr_ip = IP(src = self.src_host, dst = self.dst_host)
lyr_tcp = TCP(flags='FA', seq=self.to_server_seq, ack=self.to_client_seq, sport = src_port, dport = dst_port) / Raw(payload)
pkt = lyr_eth / lyr_ip / lyr_tcp
pkts.append(pkt)
#FNI ACK to client
lyr_eth = Ether(src = self.dst_mac, dst = self.src_mac)
lyr_ip = IP(src = self.dst_host, dst = self.src_host)
lyr_tcp = TCP(flags='FA', seq=self.to_client_seq, ack=self.to_server_seq, sport = dst_port, dport = src_port) / Raw(payload)
pkt = lyr_eth / lyr_ip / lyr_tcp
pkts.append(pkt)
#ACK
lyr_eth = Ether(src = self.dst_mac, dst = self.src_mac)
lyr_ip = IP(src = self.dst_host, dst = self.src_host)
lyr_tcp = TCP(flags='A', seq=self.to_client_seq + 1, ack=self.to_server_seq + 1, sport = dst_port, dport = src_port) / Raw(payload)
pkt = lyr_eth / lyr_ip / lyr_tcp
pkts.append(pkt)
#ACK
lyr_eth = Ether(src = self.src_mac, dst = self.dst_mac)
lyr_ip = IP(src = self.src_host, dst = self.dst_host)
lyr_tcp = TCP(flags='A', seq=self.to_server_seq + 1, ack=self.to_client_seq + 1, sport = src_port, dport = dst_port) / Raw(payload)
pkt = lyr_eth / lyr_ip / lyr_tcp
pkts.append(pkt)
elif self.l4_proto == Flow.PROTO_UDP:
pass
return pkts

def render(self, eventid):
""" render a specific eventid """

event = self.timeline[eventid]
pkts = []

##finish flow
if event.get('attributes', False).get('close',False) is True:
pkts = self.render_fni(eventid)
return pkts
#get the payload
hasPayload = False
payload = bytearray()
Expand Down Expand Up @@ -971,8 +1008,8 @@ def autogen_handshake(flowdecl):

parent_flow = COMPILER_FLOWS[flowdecl['name']]

client_isn = 10 #random.randint(10000, 99999)
server_isn = 100 #random.randint(10000, 99999)
client_isn = 10000 #random.randint(10000, 99999)
server_isn = 1000000 #random.randint(10000, 99999)

#send syn
eventdecl = {}
Expand Down